Two Americans have pleaded guilty in federal court to extortion through a ransomware attack in 2023.
The two men entered their guilty pleas in federal court in the Southern District of Florida for conspiring to delay or affect commerce through extortion in connection with ransomware attacks. According to the U.S. Attorney General for the district, said the men used the ALPHV BlackCat ransomware between April 2023 and December 2023 against multiple victims. Ryan Goldberg, 40, of Georgia; and Kevin Martin, 36, of Texas, allegedly deployed the ransomware on the victims and agreed to pay the ALPHV BlackCat administrators a 20 percent share of any ransoms received in exchange for access to the ransomware and the ALPHV BlackCat’s extortion platform.
Goldberg and Martin, along with a third unnamed co-conspirator, all worked in the cybersecurity industry. In one case, after successfully extorting one victim for $1.2 million in Bitcoin, the men split their 80 percent share of the ransom three ways and used various means to launder the proceeds.
“These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop,” Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division said. “Extortion via the internet victimizes innocent citizens every bit as much as taking money directly out of their pockets. The Department of Justice is committed to using all tools available to identify and arrest perpetrators of ransomware attacks wherever we have jurisdiction.”
Court documents indicated the ALPHV BlackCat targeted more than 1,000 victims around the world. The group used ransomware as a service model where developers are responsible for creating and updating ransomware and maintaining an illicit internet infrastructure for a percentage of the proceeds. The three conspirators identified and attacked the high=value victim institutions and once they were paid, split the ransom with the developers.
“Ransomware is not just a foreign threat — it can come from inside our own borders,” U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida said. “Goldberg and Martin used trusted access and technical skill to extort American victims and profit from digital coercion. Their guilty pleas make clear that cybercriminals operating from within the United States will be found, prosecuted, and held to account.”
Goldberg and Martin face sentencing on March 12, 2026, and could possibly see a prison term of as many as 20 years.